[pkgsrc/pkgsrc-2004Q1]: pkgsrc/www/apache Pull up security fix to the pkgsrc-...
details: https://anonhg.NetBSD.org/pkgsrc/rev/9139c93b04da
branches: pkgsrc-2004Q1
changeset: 471397:9139c93b04da
user: agc <agc%pkgsrc.org@localhost>
date: Tue Apr 27 08:14:40 2004 +0000
description:
Pull up security fix to the pkgsrc-2004Q1 branch.
Requested by taca in ticket pkgsrc-16 (and 12, I think).
"Add three patches to resolve security issue:
SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
The three patches are from Apache cvs.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/
Also bump PKGREVISION too."
diffstat:
www/apache/Makefile | 3 +-
www/apache/distinfo | 5 ++-
www/apache/patches/patch-ap | 30 ++++++++++++++++++
www/apache/patches/patch-aq | 14 ++++++++
www/apache/patches/patch-ar | 75 +++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 125 insertions(+), 2 deletions(-)
diffs (163 lines):
diff -r 7b0b5d139c3e -r 9139c93b04da www/apache/Makefile
--- a/www/apache/Makefile Tue Apr 27 07:56:38 2004 +0000
+++ b/www/apache/Makefile Tue Apr 27 08:14:40 2004 +0000
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.139 2004/02/28 22:18:35 snj Exp $
+# $NetBSD: Makefile,v 1.139.2.1 2004/04/27 08:14:40 agc Exp $
#
# This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
# code hooks that allow mod_ssl to be compiled separately later, if desired).
DISTNAME= apache_${APACHE_VERSION}
PKGNAME= apache-${APACHE_VERSION}
+PKGREVISION= 1
APACHE_VERSION= 1.3.29
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
diff -r 7b0b5d139c3e -r 9139c93b04da www/apache/distinfo
--- a/www/apache/distinfo Tue Apr 27 07:56:38 2004 +0000
+++ b/www/apache/distinfo Tue Apr 27 08:14:40 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2004/02/28 22:15:30 snj Exp $
+$NetBSD: distinfo,v 1.30.2.1 2004/04/27 08:14:40 agc Exp $
SHA1 (apache_1.3.29.tar.gz) = 0fb055dfd8c86457996edb36f19fb66f09dccd6a
Size (apache_1.3.29.tar.gz) = 2435809 bytes
@@ -20,3 +20,6 @@
SHA1 (patch-al) = a27b9676998621229dc3a1d920ea44b8e622feb2
SHA1 (patch-am) = d05f7c30b73c0e90daf17d9d1c4838be7fd73b02
SHA1 (patch-ao) = 5930f9ea0f5080b260a6e0c66a37c6d1ad0df4d4
+SHA1 (patch-ap) = 3dfa2396d481aca2b746d02cb2b161bd956825f8
+SHA1 (patch-aq) = 80032eadbbb546df8eac7fe08800a784c06a06f0
+SHA1 (patch-ar) = b422847735a9a4821cfa8ba8e2e7639ce1605b39
diff -r 7b0b5d139c3e -r 9139c93b04da www/apache/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ap Tue Apr 27 08:14:40 2004 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-ap,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/main/http_log.c.orig 2003-02-03 09:13:21.000000000 -0800
++++ src/main/http_log.c
+@@ -314,6 +314,9 @@ static void log_error_core(const char *f
+ const char *fmt, va_list args)
+ {
+ char errstr[MAX_STRING_LEN];
++#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
++ char scratch[MAX_STRING_LEN];
++#endif
+ size_t len;
+ int save_errno = errno;
+ FILE *logf;
+@@ -445,7 +448,14 @@ static void log_error_core(const char *f
+ }
+ #endif
+
++#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
++ if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) {
++ len += ap_escape_errorlog_item(errstr + len, scratch,
++ sizeof(errstr) - len);
++ }
++#else
+ len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args);
++#endif
+
+ /* NULL if we are logging to syslog */
+ if (logf) {
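Review bot: The new `#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED` block in the second nested hunk has no comment explaining its two-stage bound: the message is first formatted into `scratch` with at most `sizeof(scratch) - len` bytes and then escaped into the remaining `sizeof(errstr) - len` bytes of `errstr`, and since escaping can expand a byte to two or four output bytes the escaped line may be cut a second time inside `ap_escape_errorlog_item` with nothing reported back. A comment such as `/* Format into scratch, then escape into errstr so untrusted data cannot put raw control characters or line breaks into the error log; the escaped text is truncated to fit errstr. AP_UNSAFE_ERROR_LOG_UNESCAPED restores the old unescaped path. */` would record both the purpose and the truncation. The `#else` branch keeps the original `ap_vsnprintf` call, so the macro is an opt-out of the CAN-2003-0020 fix and deserves to be named as such where it is documented. `log_error_core` starts and ends outside the hunk.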
diff -r 7b0b5d139c3e -r 9139c93b04da www/apache/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-aq Tue Apr 27 08:14:40 2004 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-aq,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/include/httpd.h.orig 2004-04-07 12:24:10.967724616 -0700
++++ src/include/httpd.h
+@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool *
+ API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname,
+ unsigned port, const request_rec *r);
+ API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str);
++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
++ size_t buflen);
+ API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s);
+
+ API_EXPORT(int) ap_count_dirs(const char *path);
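Review bot: The new `ap_escape_errorlog_item` prototype is added with no comment on its contract, which the definition in patch-ar makes non-obvious: the return value is the number of bytes written to `dest` excluding the terminating NUL, output stops early and silently when an escape sequence would not fit, and when `buflen` is 0 or `source` is NULL the function returns 0 without touching `dest`, so `dest` is not NUL-terminated in that case. A comment above the declaration along the lines of `/* Copy source into dest, escaping bytes flagged T_ESCAPE_LOGITEM (a double quote is copied as-is); writes at most buflen-1 bytes plus a NUL and returns the bytes written excluding the NUL; with buflen 0 nothing is written. */` would let callers size and terminate their buffers correctly.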
diff -r 7b0b5d139c3e -r 9139c93b04da www/apache/patches/patch-ar
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ar Tue Apr 27 08:14:40 2004 +0000
@@ -0,0 +1,75 @@
+$NetBSD: patch-ar,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/main/util.c.orig 2003-02-03 09:13:23.000000000 -0800
++++ src/main/util.c
+@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo
+ return ret;
+ }
+
++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
++ size_t buflen)
++{
++ unsigned char *d, *ep;
++ const unsigned char *s;
++
++ if (!source || !buflen) { /* be safe */
++ return 0;
++ }
++
++ d = (unsigned char *)dest;
++ s = (const unsigned char *)source;
++ ep = d + buflen - 1;
++
++ for (; d < ep && *s; ++s) {
++
++ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
++ *d++ = '\\';
++ if (d >= ep) {
++ --d;
++ break;
++ }
++
++ switch(*s) {
++ case '\b':
++ *d++ = 'b';
++ break;
++ case '\n':
++ *d++ = 'n';
++ break;
++ case '\r':
++ *d++ = 'r';
++ break;
++ case '\t':
++ *d++ = 't';
++ break;
++ case '\v':
++ *d++ = 'v';
++ break;
++ case '\\':
++ *d++ = *s;
++ break;
++ case '"': /* no need for this in error log */
++ d[-1] = *s;
++ break;
++ default:
++ if (d >= ep - 2) {
++ ep = --d; /* break the for loop as well */
++ break;
++ }
++ c2x(*s, d);
++ *d = 'x';
++ d += 3;
++ }
++ }
++ else {
++ *d++ = *s;
++ }
++ }
++ *d = '\0';
++
++ return (d - (unsigned char *)dest);
++}
+
+ API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str)
+ {
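Review bot: In the `default:` branch of the new `ap_escape_errorlog_item`, `ep = --d; /* break the for loop as well */` leaves the loop by moving its end pointer, which is easy to misread and couples the post-loop `*d = '\0'` to `ep` having been re-aimed at `d`; the same roll-back idea appears as `--d; break;` in the guard after `*d++ = '\\'`. A jump to a label placed before the terminator states the intent directly: replace `ep = --d;` with `--d; goto done;` and write the terminator line as `done: *d = '\0';`. The bounds arithmetic itself checks out: `ep = d + buflen - 1` reserves the NUL slot, `d >= ep - 2` rejects a hex escape when fewer than three bytes remain (assuming `c2x` emits three bytes, as `d += 3` suggests), and `d[-1] = *s` for `"` overwrites the backslash rather than writing past it. The return value `d - dest` tells the caller nothing about truncation, which is worth stating in a header comment on the function. `ap_escape_shell_cmd` at the end of the hunk continues outside it.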